CVE-2026-4208
MFA Bypass in Extension Due to Improper Code Reset
Publication date: 2026-03-17
Last updated on: 2026-04-25
Assigner: TYPO3
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mrsilaz | mfa_mail | to 1.0.7 (exc) |
| mrsilaz | mfa_mail | 2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'The TYPO3 extension "E-Mail MFA Provider" (mfa_email), version 2.0.0 and below, has a vulnerability where it fails to properly reset the generated MFA code after a successful authentication.'}, {'type': 'paragraph', 'content': 'This flaw allows an attacker to bypass multi-factor authentication (MFA) on future login attempts by submitting an empty string as the MFA code to the extensionβs MFA provider.'}, {'type': 'paragraph', 'content': 'The vulnerability is exploitable only if the "E-Mail MFA Provider" is not the default MFA provider and the user has at least one other MFA provider enabled.'}] [1]
How can this vulnerability impact me? :
This vulnerability can lead to a high-severity security risk by allowing attackers to bypass MFA protections on affected TYPO3 installations.
An attacker could gain unauthorized access to user accounts by submitting an empty MFA code, potentially compromising sensitive data and system integrity.
Since MFA is a critical security control, bypassing it weakens the overall authentication process and increases the risk of account takeover.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, users are advised to uninstall and delete the vulnerable TYPO3 extension "E-Mail MFA Provider" (mfa_email) versions 2.0.0 and below.'}, {'type': 'paragraph', 'content': 'Since the extension author did not provide a timely security fix, it is recommended to seek alternative MFA extensions from the TYPO3 Extension Repository.'}, {'type': 'paragraph', 'content': 'Additionally, users should follow the TYPO3 Security Guide recommendations and subscribe to the typo3-announce mailing list for updates.'}] [1]